http://issues.apache.org/bugzilla/show_bug.cgi?id=33388

Summary: Make x-cocoon-version header optional
Product: Cocoon 2
Version: 2.1.5
Platform: PC
OS/Version: Windows NT
Status: NEW
Severity: normal
Priority: P4
Component: core
AssignedTo: dev@cocoon.apache.org
ReportedBy: [EMAIL PROTECTED]

While the X-Cocoon-Version header (added in 2.0.2) can be useful on occasion, our Security team are objecting to it on the grounds that it helps hackers to fingerprint our site & the technologies that drive it. A quick search here in Bugzilla and they could discover all the known vulnerabilities that are present in the version we're using...

I was disappointed to find, however, that there isn't an easy way to disable this header, other than modifying the source and rebuilding. I'd been hoping for a parameter somewhere (e.g. an init parameter on the servlet) that allows it to be switched off (the default could be to include it, as at present). Perhaps one could/should be added?
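
One way to drop the header without rebuilding Cocoon, as an added example that is not part of the bug report or of Cocoon itself: a servlet filter that wraps the response and discards `X-Cocoon-Version`. The class name and the `suppress-version-header` init parameter are hypothetical, and the filter assumes that Cocoon sets the header through `setHeader`/`addHeader` on the servlet response and that the container supports filters (Servlet 2.3 or later).

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Hypothetical filter (not part of Cocoon): drops the X-Cocoon-Version response header. */
public class SuppressVersionHeaderFilter implements Filter {

    private static final String HEADER = "X-Cocoon-Version";
    private boolean suppress = true;

    public void init(FilterConfig config) throws ServletException {
        // Hypothetical init parameter; when absent, the header is suppressed.
        String value = config.getInitParameter("suppress-version-header");
        if (value != null) {
            suppress = Boolean.valueOf(value).booleanValue();
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (suppress && res instanceof HttpServletResponse) {
            // Everything downstream (including the Cocoon servlet) sees the wrapper.
            res = new HeaderDroppingResponse((HttpServletResponse) res);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }

    /** Passes every header through except the one being suppressed. */
    private static final class HeaderDroppingResponse extends HttpServletResponseWrapper {
        HeaderDroppingResponse(HttpServletResponse response) { super(response); }

        public void setHeader(String name, String value) {
            // Header names are case-insensitive, so compare accordingly.
            if (!HEADER.equalsIgnoreCase(name)) {
                super.setHeader(name, value);
            }
        }

        public void addHeader(String name, String value) {
            if (!HEADER.equalsIgnoreCase(name)) {
                super.addHeader(name, value);
            }
        }
    }
}
```

Map the filter in `web.xml` to the same URL pattern as the Cocoon servlet, then confirm in a captured response that the header no longer appears.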